This page collects WhisperX intelligence signals tagged #secrets-management. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A confirmed, reachable vulnerability in the OpenBao Secrets Operator's main branch risks leaking sensitive HTTP basic authentication credentials directly into log files. The flaw, tracked as GO-2024-2947, stems from a failure to sanitize URLs before they are written to logs, potentially exposing usernames and passwords...
A reachable cryptographic vulnerability has been confirmed in the `release/2.4.x` branch of the OpenBao secrets management software. The security flaw, tracked as GO-2026-4550, stems from an incorrect calculation in the secp384r1 CombinedMult function within the Cloudflare CIRCL library. Govulncheck analysis confirms t...
A reachable vulnerability in the OpenBao Secrets Operator's main branch is leaking sensitive HTTP basic authentication credentials directly into log files. The flaw, tracked as GO-2024-2947, stems from a failure to sanitize URLs before they are written to logs within the underlying `github.com/hashicorp/go-retryablehtt...
A reachable cryptographic vulnerability, GO-2026-4550, has been confirmed in the `release/2.4.x` branch of the OpenBao secrets management software. The govulncheck tool has identified a call path from OpenBao's source code to a flawed calculation in the Cloudflare CIRCL library, specifically within its secp384r1 Combin...
A critical security vulnerability in the OpenBao Secrets Operator's main branch can leak sensitive HTTP basic authentication credentials directly into log files. The flaw, identified as GO-2024-2947, is confirmed as 'reachable' by automated scanning tools, meaning the vulnerable code path is active and exploitable in t...
A critical, reachable vulnerability has been confirmed in the OpenBao project's `release/2.5.x` branch, exposing a potential authorization bypass in its core gRPC communication layer. The flaw, tracked as GO-2026-4762, stems from a missing leading slash in the `:path` header within the `google.golang.org/grpc` dependen...
A confirmed, reachable vulnerability in the OpenBao Secrets Operator's main branch risks leaking sensitive HTTP basic authentication credentials directly into log files. The security flaw, identified as GO-2024-2947, stems from a failure to sanitize URLs before they are written to logs within the `github.com/hashicorp/...
A critical, reachable vulnerability has been confirmed in the OpenBao secrets management platform, exposing its `release/2.5.x` branch to a gRPC authorization bypass. The flaw, tracked as GO-2026-4762, stems from a missing leading slash in the HTTP/2 `:path` header within the `google.golang.org/grpc` library, a core de...
A critical security vulnerability has been confirmed in the OpenBao Secrets Operator, where sensitive HTTP basic authentication credentials can be leaked directly into log files. The flaw, tracked as GO-2024-2947, is classified as 'reachable' by automated scanning tools, meaning the vulnerable code path is actively use...
A critical security vulnerability has been flagged as reachable within the OpenBao project's stable release branch, exposing a potential authorization bypass through a deeply embedded dependency. The finding, identified as GO-2026-4887, originates from a flaw in the Moby engine (github.com/docker/docker) where oversize...
A critical, reachable vulnerability in the Moby Docker engine has been identified within the OpenBao secrets management platform's active release branch. The security flaw, tracked as GO-2026-4883, is an off-by-one error in Docker's plugin privilege validation. This vulnerability is not theoretical; automated scanning ...
A critical security vulnerability has been identified within the core dependencies of the OpenBao open-source secrets management platform. The finding, tracked as GO-2026-4887, reveals a reachable flaw in the Moby (Docker) engine that allows for an authorization (AuthZ) plugin bypass when processing oversized request b...
A security misconfiguration in the frontend Docker build pipeline exposes the Application Insights connection string within persistent image layer metadata, creating a secrets-leakage vector accessible to anyone with container registry access. The vulnerability stems from how `VITE_APPINSIGHTS_CONNECTION_STRING` is pas...